Top Reports Netflow: an asset for your service desk!

Because the service desk is necessary to the company’s performance, it is essential to optimize its response capacity. Specific tools have been designed to facilitate its task: the Top Report Netflow is one of them. What is this tool? What is its added value? Interview with Frédéric Ribes, Service Desk Manager at Maltem Insight Performance.

How is the Netflow Top Report useful for the Service Desk?

The Top Report is an analysis report that provides a list of the first flows responsible for a (possible) network slowdown (screenshot below, Editor’s note). The flows are the different types of traffic, incoming and outgoing. In practice, these flows include web-related traffic (the http or https protocol), e-mail exchanges, file sharing, etc. Thanks to the Top Report, we can identify where slowdowns come from and classify them, whether they are related to remote sites (Remote Services) or a local problem (Local Services).

*Customizable number (from 10 to 200)

 

Top Reports Netflow: an asset for your service desk!

 

How are these flows analyzed?

We conduct this analysis using the Netflow protocol. This network monitoring technology, developed by Cisco Systems, collects information on incoming and outgoing flows. It allows to supervise the resources used by the network. This flow analysis allows us to collect information related to the traffic on the routers. Netflow makes it possible, for example, to identify which IP address is the most talkative (local or remote), i.e. the one that hogs the Information System the most. It can also evaluate which address pairs (Top Pairs) or which applications (Remote/Local Services) are the most active and therefore the most cumbersome for the network.

Can you give us an example of a resolution provided by a Netflow Top Report?

Yes, several of them!

If the Service Desk is contacted about a network degradation at a remote site, the Top Report can, for example, find out whether it is a problem with updating (capacity planning) or a virus.

Another case: an application migration to the cloud. The Top Report makes it possible to identify at a glance whether there is sufficient bandwidth between the internal infrastructure and the cloud. Will the throughput be able to handle the traffic related to all the uses of the Information System? If it is currently 2 Mbps, shouldn’t it be upgraded to 10 Mbps?

The Top Report can also be used to prevent the risk. Recently, one of our clients was concerned that they had been hit by the RansomWare Wannacry that flooded networks in the spring of 2017. The exploitation of the Netflow protocol allowed us to evaluate if there was an abnormal traffic linked to this RansomWare by collecting the associated flows corresponding to the vulnerable network ports and propitious to possible viral attacks. Thus, we were able to identify abnormal traffic potentially linked to RansomWare: we therefore located the impacted sites and recommended a security policy, which streamlined and optimized the protection system.

How can your intervention optimize the performance of a Service Desk? Isn’t it already equipped to solve all these problems?

We intervene in support of our customers’ service desks because our mission is to optimize the performance of the Information System. We implement a managed service based on performance measurement. As such, we can anticipate problems but also facilitate diagnosis. We provide, in all objectivity, the tools necessary for a constant improvement as well as a consolidated vision of the Information System.

  • Share:
Send a Message